Question No: 91

Which identity store option allows you to modify the directory services that run on TCP/IP?

Lightweight Directory Access Protocol

RSA SecurID server

RADIUS

Active Directory

Answer: A

Question No: 92

Which effect does the ip http secure-server command have on a Cisco ISE?

It enables the HTTP server for users to connect on the command line.

It enables the HTTP server for users to connect by using web-based authentication.

It enables the HTTPS server for users to connect by using web-based authentication.

It enables the HTTPS server for users to connect on the command line.

Answer: C

Question No: 93

Which statement about Cisco ISE BYOD is true?

Dual SSID allows EAP-TLS only when connecting to the secured SSID.

Single SSID does not require endpoints to be registered.

Dual SSID allows BYOD for guest users.

Single SSID utilizes open SSID to accommodate different types of users.

Single SSID allows PEAP-MSCHAPv2 for native supplicant provisioning.

Answer: E

Question No: 94

Refer to the exhibit.

Which URL must you enter in the External Webauth URL field to configure Cisco ISE CWA correctly?

https://ip_address:8443/guestportal/Login.action

https://ip_address:443/guestportal/Welcome.html

https://ip_address:443/guestportal/action=cpp

https://ip_address:8905/guestportal/Sponsor.action

Answer: A

Question No: 95

You configured wired 802.1X with EAP-TLS on Windows machines. The ISE authentication detail report shows quot;EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain.quot; What is the most likely cause of this error?

The ISE certificate store is missing a CA certificate.

The Wireless LAN Controller is missing a CA certificate.

The switch is missing a CA certificate.

The Windows Active Directory server is missing a CA certificate.

Answer: A

Question No: 96

During BYOD flow, where does a Microsoft Windows 8.1 PC download the Network Setup

Assistant from?

from Cisco App Store

from Cisco ISE directly

from Microsoft App Store

It uses the native OTA functionality.

Answer: B

Question No: 97

Which two posture redirect ACLs and remediation DACLs must be pushed from Cisco ISE to a Cisco IOS switch if the endpoint must remediate itself? The ISE IP address is 10.201.228.76 and the IP address of the remediating server is 10.201.229.1. (Choose two.)